When a sheriff in central Tennessee is the victim in a ransomware case, you know the threat is real.
According to a Memphis Business Journal story, someone in the Dickson County Sheriff’s Office clicked on a link in an email and malicious software locked up all of the case files and demanded the sheriff’s office pay $500 (in Bitcoin) to access them.
There has been a surge in ransomware — a form of malware that allows hackers to block access to your data until you pay them a ransom to unlock it — over the last few years. According to a report released by Check Point in February 2017, ransomware attacks doubled during the second half of 2016. The report uses threat intelligence data drawn from Check Point’s ThreatCloud World Cyber Threat Map, a live map that identifies millions of malware types each day.
“The report demonstrates the nature of today’s cyber-environment, with ransomware attacks growing rapidly,” said Maya Horowitz, threat intelligence group manager at Check Point. “This is simply because they work, and generate significant revenues for attackers. Organizations are struggling to effectively counteract the threat: many don’t have the right defences in place, and may not have educated their staff on how to recognise the signs of a potential ransomware attack in incoming emails.”
In the last year, more than a dozen hospitals have reported ransomware attacks, including a high-profile Los Angeles hospital. Attackers demanded a $3.4 million ransom from Hollywood Presbyterian.
Public libraries, city governments, universities and more have been targeted. And the attacks come at a huge cost: $1 billion in 2016, according to some experts.
Ben Rossen, an attorney with the Federal Trade Commission’s (FTC) Division of Privacy and Identity Protection, called ransomware “one of the most serious online threats facing people and businesses today — and the most profitable form of malware criminals use,” in this article on the FTC’s site. The FTC is so concerned about the influx of cases that it hosted a workshop on ransomware in September 2016.
There are at least a half dozen variants of crypto-ransomware, including CryptoLocker and CryptoWall. Cerber is the world’s biggest ransomware-as-a-service scheme that’s set up like a franchise, with its developer recruiting affiliates who spread the malware for a cut of the profits, according to this SC Magazine UK story.
To Pay or Not to Pay?
While law enforcement will generally discourage you from paying the ransom, individuals and businesses have to determine for themselves whether the risks and costs of paying are worth the possibility of getting their files back. Even if you pay the ransom, there’s no guarantee you’ll get your files back. We say “generally” because the Tennessee Bureau of Investigation and the FBI helped the Dickson County Sheriff’s Office with its ransomware case and concluded it was best to pay the ransom.
In more recent news, the Roxana Police Department in Roxana, Illinois dealt with a ransomware attack that struck Feb. 1, 2017. The police did not pay the ransom and the FBI is investigating the matter.
It’s hard to know how many ransomware victims there are, since victims are ashamed and don’t know where to turn for help, says Rahul Kashyap, a researcher at the cybersecurity firm Bromium. “Many people might actually panic,” he told an NPR reporter for a story entitled “Ransomware: When Hackers Lock Your Files, To Pay Or Not To Pay?”
“They might believe that they did something wrong or they made a mistake which resulted in this compromise,” Kashyap continued.
According to a 2014 Bromium report that looked at nearly 30 cases of ransomware, this specific form of malware has been around since 2013 and is getting more sophisticated as time goes by. Hackers are even writing the code so it can target certain types of files that are more likely to be valued by a company — CAD drawings etc. are likely worth more than simple company memos. And hackers often take advantage of major data breaches and send phishing emails warning people their credentials aren’t safe and to “click this link,” which will then promptly allow ransomware to encrypt their files.
Take, for example, Locky, a newer form of ransomware unveiled following 2015’s Office of Personnel Management data breach, when the personal details of 22 million federal employees were stolen. Utah state representative Jason Chaffetz called that particular breach “the most devastating cyberattack in our nation’s history.”
Targets of the Locky campaign are sent an email claiming to be from OPM and warning of suspicious bank account activity. A ZIP attachment purporting to contain further information actually contains a malicious JavaScript file which, if run, downloads and installs ransomware that demands a Bitcoin ransom. According to this ZDNet story, ransomware is now one of the three most common malware threats. It was Locky ransomware that took down the network of Hollywood Presbyterian, which was then forced to pay $17,000 to hackers in order to regain access to critical systems.
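The delivery chain described above (email, ZIP attachment, script file inside) is something a mail gateway or a help desk can check for mechanically. The script below is an added example, not code from the original article or from any vendor it mentions: it parses a raw email, opens any ZIP attachment in memory, and flags archive members whose extension is a script or executable type. The sample message is constructed inline (no real malware), and the list of risky extensions is an assumption based on common mail-filtering practice.

```python
"""Flag emails whose ZIP attachments carry script files, the Locky-style
delivery chain described in the article.

Added example, not from the original article. The sample message is
constructed inline; the set of risky extensions is an assumption."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions a mail gateway would typically block inside archives (assumption).
RISKY_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr"}


def risky_names_in_zip(blob: bytes) -> list[str]:
    """Return member names inside a ZIP payload whose extension is risky."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    flagged = []
    for name in names:
        lower = name.lower()
        # endswith() also catches double extensions such as "notice.pdf.js".
        if any(lower.endswith(ext) for ext in RISKY_EXTENSIONS):
            flagged.append(name)
    return flagged


def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Parse a raw RFC 822 message and return (attachment, member) pairs to quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Check by name and by the "PK" ZIP signature, since names can lie.
        if filename.lower().endswith(".zip") or payload[:2] == b"PK":
            for member in risky_names_in_zip(payload):
                findings.append((filename, member))
    return findings


def build_sample_message() -> bytes:
    """Constructed lure: a ZIP attachment hiding a .js file (placeholder text, not a script)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("OPM_notice.pdf.js", "// placeholder text, not a real script\n")
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Suspicious activity on your account"
    msg.set_content("Please review the attached notice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="notice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in scan_message(build_sample_message()):
        print(f"QUARANTINE: {attachment} contains script file {member}")
```

The check inspects the archive contents rather than trusting the attachment name, because the lure in the campaign above presents the ZIP as harmless "further info"; a gateway rule that only looks at the outer filename would let it through.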
Ransomware Evolving
Ransomware is now evolving to include doxware, which could leak a victim’s data if the ransoms aren’t paid. This changes the game for folks who have backed up their data and aren’t planning to pay the ransom.
“Businesses in particular would be more likely to pay if there is a possibility that sensitive data could be released to the public as opposed to cutting losses starting fresh from backup data as businesses can do with current variants of ransomware,” according to this SC Magazine story.
Andrew Komarov, chief intelligence officer for InfoArmor, was interviewed for the story.
“This type of malware has an attractive business driver for cybercriminals based on privacy concerns of the affected victims,” Komarov said. “The percentage of ransom payments is much higher compared to other ransomware where files are simply encrypted.”
This evolution is especially concerning for everyday folks who are worried about identity theft, since the leaked data could, for instance, include your personal health information (PHI) if a healthcare administrator is the ransomware target.
Defend Yourself
So how can you defend yourself against ransomware and what can you do if you’re a victim?
The FTC shared some good tips:
How can I defend against ransomware?
- Update your software. Use anti-virus software and keep it up-to-date. And set your operating system, web browser, and security software to update automatically on your computer. On mobile devices, you may have to do it manually. If your software is out-of-date, it’s easier for criminals to sneak bad stuff onto your device.
- Think twice before clicking on links or downloading attachments and apps. According to one panelist, 91 percent of ransomware is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.
- Back up your important files. From tax forms to family photos, make it part of your routine to back up files on your computers and mobile devices often. When you’re done, log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.
What if I’m a victim of ransomware?
- Contain the attack. Disconnect infected devices from your network to keep ransomware from spreading.
- Restore your computer. If you’ve backed up your files, and removed any malware, you may be able to restore your computer. Follow the instructions from your operating system to re-boot your computer, if possible.
- Contact law enforcement. Report ransomware attacks to the Internet Crime Complaint Center or an FBI field office. Include any contact information (like the criminals’ email address) or payment information (like a Bitcoin wallet number). This may help with investigations.
* Courtesy the Federal Trade Commission.
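The backup tip above (keep backups where an attacker cannot reach them) and the restore step (restore only from a backup you have confirmed is clean) both depend on being able to tell whether a backup copy is still intact. The script below is an added example, not from the article or the FTC: it records a SHA-256 manifest of a backup set and later verifies the copy against it, reporting files that were modified (as an encrypted file would be), removed, or added (such as a dropped ransom note). The manifest file name, the sample files and the simulated tampering are all constructed for the demonstration.

```python
"""Verify an offline backup against a hash manifest before restoring from it.

Added example, not from the article or the FTC. Paths, the manifest file
name and the simulated tampering are assumptions for the demonstration."""
import hashlib
import json
import os
import tempfile

MANIFEST_NAME = "backup-manifest.json"  # assumed name; store it apart from the backup drive


def sha256_of(path: str) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict[str, str]:
    """Map each file path (relative to root) to its SHA-256 hash."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if rel == MANIFEST_NAME:
                continue
            manifest[rel] = sha256_of(full)
    return manifest


def verify_backup(root: str, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current contents with the manifest. Any 'modified' or
    'missing' entry means this copy is not safe to restore from."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: back up two files, then simulate one being
    overwritten with ciphertext and a ransom note dropped, and verify."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "taxes.pdf"), "wb") as f:
            f.write(b"%PDF-1.4 constructed sample\n")
        with open(os.path.join(root, "photo.jpg"), "wb") as f:
            f.write(b"\xff\xd8\xff constructed sample\n")
        manifest = build_manifest(root)
        # The manifest is kept off the backup drive; here it lives in memory.
        manifest_json = json.dumps(manifest)

        # Simulated tampering: contents replaced with random bytes, note added.
        with open(os.path.join(root, "taxes.pdf"), "wb") as f:
            f.write(os.urandom(64))
        with open(os.path.join(root, "RESTORE_FILES.txt"), "w") as f:
            f.write("constructed placeholder note\n")

        return verify_backup(root, json.loads(manifest_json))


if __name__ == "__main__":
    result = demo()
    clean = not result["modified"] and not result["missing"]
    print("SAFE TO RESTORE" if clean else f"DO NOT RESTORE: {result}")
```

Keep the manifest with the offline copy's paperwork rather than on the drive itself: if the drive is plugged in during an infection, anything on it can be rewritten, including a manifest stored alongside the files it describes.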
Ransomware is just one way a thief can wreak havoc on your life. There are many ways thieves can steal your identity, and while you can try to be as safe as possible, you could end up a victim of identity theft. Sign up now for LibertyID.
Are you covered for identity theft?
Image: Pexels